
183 matches found

OSV
added 2021/07/22 2:15 p.m. · 3 views

UBUNTU-CVE-2021-34431

In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client that had connected with MQTT v5 sent a crafted CONNECT message to the broker a memory leak would occur, which could be used to provide a DoS attack against the broker...

CVSS 6.5 · AI score 6.6 · EPSS 0.01113
Exploits 0 · References 4

CNNVD
added 2021/07/22 12:0 a.m. · 3 views

Eclipse Mosquitto Security Vulnerability

Eclipse Mosquitto is an open source messaging agent software suite from the Eclipse Foundation. A security vulnerability exists in Eclipse Mosquitto version 1.6 through 2.0.10, where a memory leak occurs when an authenticated client sends a carefully crafted CONNECT message to the agent, which ca...

CVSS 6.5 · AI score 6.4 · EPSS 0.01113
Exploits 0 · References 3

Veracode
added 2021/04/29 12:17 p.m. · 32 views

Authorization Bypass

ceph:edge is vulnerable to authorization bypass. ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks...

CVSS 8 · AI score 4.9 · EPSS 0.00646
Exploits 0 · References 4 · Affected Software 1

OSV
added 2021/04/07 7:15 p.m. · 20 views

CVE-2021-28166

In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur...

CVSS 6.5 · AI score 6.5
Exploits 0 · References 1

OSV
added 2021/04/07 7:15 p.m. · 5 views

ALPINE-CVE-2021-28166

In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur...

CVSS 6.5 · AI score 6.7 · EPSS 0.00968
Exploits 0 · References 1

Prion
added 2021/04/07 7:15 p.m. · 13 views

Null pointer dereference

In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur...

CVSS 4 · AI score 6.3 · EPSS 0.00968
Exploits 0 · References 1 · Affected Software 1

OSV
added 2021/04/07 7:15 p.m. · 1 views

UBUNTU-CVE-2021-28166

In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur...

CVSS 6.5 · AI score 5.8 · EPSS 0.00968
Exploits 0 · References 3

OSV
added 2021/02/19 8:15 p.m. · 1 views

UBUNTU-CVE-2021-26713

A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession...

CVSS 6.5 · AI score 7 · EPSS 0.01845
Exploits 0 · References 5

Positive Technologies
added 2021/02/19 12:0 a.m. · 5 views

PT-2021-17107 · Sangoma +1 · Asterisk +1

Name of the Vulnerable Software and Affected Versions:
Sangoma Asterisk versions prior to 16.16.1
Sangoma Asterisk versions 17.x prior to 17.9.2
Sangoma Asterisk versions 18.x prior to 18.2.1
Certified Asterisk versions prior to 16.8-cert6
Description: A stack-based buffer overflow in res rtp...

CVSS 8.8 · AI score 6.3 · EPSS 0.4557
Exploits 13 · References 47

NVD
added 2020/09/21 3:15 p.m. · 20 views

CVE-2020-4590

IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 running oauth-2.0 or openidConnectServer-1.0 server features is vulnerable to a denial of service attack conducted by an authenticated client. IBM X-Force ID: 184650...

CVSS 6.5 · EPSS 0.01241
Exploits 0 · References 2

Cvelist
added 2020/06/22 5:49 p.m. · 21 views

CVE-2020-10736

An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly...

CVSS 8 · AI score 7.7 · EPSS 0.00646
Exploits 0 · References 2

CVE
added 2020/06/22 5:49 p.m. · 109 views

CVE-2020-10736

CVE-2020-10736 affects Ceph 15.2.0 up to, but not including, 15.2.2. The root cause is an authorization bypass in ceph-mon and ceph-mgr that allows an authenticated client to access unauthorized resources and modify configuration, potentially enabling further attacks. The documented impact is hig...

CVSS 8 · AI score 7.5 · EPSS 0.00646
Exploits 0 · References 2 · Affected Software 1

Snyk
added 2020/04/17 12:0 a.m. · 1 views

Malicious Package

Overview: authenticated-client is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa.
Remediation: Avoid using...

CVSS 8 · AI score 6.9
Exploits 0 · References 2

NVD
added 2020/01/30 1:15 a.m. · 12 views

CVE-2020-8442

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a heap-based buffer overflow in the rootcheck decoder component via an authenticated client...

CVSS 8.8 · AI score 9.2 · EPSS 0.02385
Exploits 2 · References 4

OSV
added 2020/01/30 1:15 a.m. · 13 views

CVE-2020-8442

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a heap-based buffer overflow in the rootcheck decoder component via an authenticated client...

CVSS 8.8 · AI score 7.1
Exploits 0 · References 4

Prion
added 2020/01/30 1:15 a.m. · 18 views

Heap overflow

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a heap-based buffer overflow in the rootcheck decoder component via an authenticated client...

CVSS 6.5 · AI score 9.1 · EPSS 0.02385
Exploits 2 · References 4 · Affected Software 1

RedhatCVE
added 2019/10/13 7:39 a.m. · 30 views

CVE-2018-10841

A flaw was found in glusterfs which can lead to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add itself to trusted storage pool and perform privileged gluster operations like adding other machines to...

CVSS 8.8 · AI score 3 · EPSS 0.01284
Exploits 0 · References 2

ClickHouse
added 2019/09/10 12:0 a.m. · 10 views

CVE-2019-16536

Stack overflow leading to DoS can be triggered by a malicious authenticated client. Eldar Zaitov of Yandex Information Security Team...

CVSS 8.8 · AI score 5.4 · EPSS 0.00749
Exploits 0

Veracode
added 2019/05/02 5:5 a.m. · 25 views

Arbitrary Code Execution

X.Org server is vulnerable to arbitrary code execution. Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server...

CVSS 6.5 · AI score 6.7 · EPSS 0.03379
Exploits 0 · References 9 · Affected Software 1

Veracode
added 2019/05/02 5:5 a.m. · 33 views

Arbitrary Code Execution

X.Org server is vulnerable to arbitrary code execution. Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server...

CVSS 6.5 · AI score 5.4 · EPSS 0.04378
Exploits 0 · References 17 · Affected Software 1